From: Paul Jakma (paul at domain clubi.ie)
Date: Wed 25 Sep 2002 - 00:43:03 IST
Hi,

There's an apache worm going around exploiting the mod_ssl
vulnerabilities -> slapper.

symptoms:

lots of traffic on UDP ports 2002 or 1978 or 4156 (depending on
variant).

high CPU usage of an apache httpd process (stop httpd and kill all
processes called 'update' running as the apache user).

file called /tmp/.unlock (delete it, touch it and chmod 000 it)

http://www.itworld.com/Sec/3832/020924slappervariants/
http://lists.insecure.org/incidents/2002/Sep/0123.html

came home, sister remarked that internet was excruciatingly slow, had
been since about 30 min after turning it on, found my home machine
infected, currently have my dialup line absolutely swamped with udp
traffic.. :(

regards,
--
Paul Jakma	paul at domain clubi.ie	paul at domain jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam at domain dishone.st
Fortune:
Committees have become so important nowadays that subcommittees have
to be appointed to do the work.
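The three symptoms listed in the message above, written as triage checks; this is an added example, not part of the original post. The function names and the sample netstat/ps output are constructed, and treating any non-empty /tmp/.unlock as a hit is an assumption.

```shell
#!/bin/sh
# Added example: triage checks for the three Slapper symptoms in the post.
# Function names and sample data are constructed for illustration.

SLAPPER_PORTS="2002 1978 4156"   # UDP ports named in the post, one per variant

# Read `netstat -uan` style lines on stdin; print each watched port seen
# as a local or remote UDP endpoint, once per port, in SLAPPER_PORTS order.
slapper_udp_ports() {
    awk -v ports="$SLAPPER_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^udp/ {
            for (f = 4; f <= 5; f++) {          # Local Address, Foreign Address
                port = $f; sub(/.*:/, "", port) # keep only the part after the last ":"
                if (port in watch) seen[port] = 1
            }
        }
        END { for (i = 1; i <= n; i++) if (p[i] in seen) print p[i] }'
}

# Read `ps -eo user,pid,comm` style lines on stdin; print the PIDs of
# processes named "update" owned by the web server account given as $1.
slapper_update_pids() {
    awk -v user="$1" '$1 == user && $3 == "update" { print $2 }'
}

# True when the path exists and has content (assumption: any non-empty file
# there counts as a hit). The empty mode-000 placeholder the post recommends
# leaving behind does not match.
slapper_unlock_present() {
    [ -s "$1" ]
}

# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:2002            0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 192.0.2.10:32770        198.51.100.7:4156       ESTABLISHED
tcp        0      0 0.0.0.0:2002            0.0.0.0:*               LISTEN'
SAMPLE_PS='USER       PID COMMAND
root         1 init
apache     812 httpd
apache    4711 update
root      4800 update'

printf 'UDP ports seen: %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | slapper_udp_ports | tr '\n' ' ')"
printf 'update PIDs as apache: %s\n' "$(printf '%s\n' "$SAMPLE_PS" | slapper_update_pids apache)"
```

On a live host, pipe `netstat -uan` into `slapper_udp_ports` and `ps -eo user,pid,comm` into `slapper_update_pids apache`, and call `slapper_unlock_present /tmp/.unlock`.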
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:19:02 GMT